As various forms of distributed computing, such as cloud computing, have come to dominate the computing landscape, computing system security has become increasingly important. Various forms of malware protection, virus protection and other forms of protection are typically provided to computing systems to protect the software and services employed by those computing systems. However, proper computing system security includes more than just protecting a computing system from viruses and malware.
In situations where one or more secure computing systems contain especially sensitive information, or where one or more secure computing systems provide services that have access to or otherwise directly or indirectly utilize sensitive information, knowing which users or computing systems should be provided access to those secure computing systems, and to computing systems that have access to secure computing systems, is often difficult. Unintentionally granting a malicious user, or a computing system associated with a malicious user, access to a secure computing system can be a problem in many ways. For example, such a malicious user may, by virtue of login credentials being presented at a time of login, unknowingly be granted authority to perform sensitive process operations, use processes that grant access to other computing systems, access or otherwise use sensitive data, or install corrupted or malware-related software, among other possibilities. Granting such misplaced authority may harm the secure computing system itself, allow other bad actors to access or otherwise use data or processes associated with the secure computing system, or harm the computing systems associated with the secure computing system in other ways. Certainly, allowing a malicious user access to a secure computing system can compromise its security.
The problems and solutions disclosed herein relate to computing system security, and primarily address a shortcoming in security relating to secure computing systems interacting with or otherwise executing sensitive processes or sensitive data. Typical security protocols involve a single secure computing system receiving an access request and the secure computing system making a decision to allow or disallow the requested access to the secure computing system. However, there is a shortfall in the security protocols because there is no third-party assessment of whether a user or computing system associated with the request is authorized to access the secure computing system, or whether the access request is being submitted for a valid reason. In some circumstances, allowing a valid user access to a secure computing system when there is no reason for the user to be accessing the secure computing system is problematic. Thus, a user of prior art systems may be granted access based on false credentials, or a legitimate user may be allowed access to the secure computing system for unknown, possibly malicious or nefarious purposes.
Therefore, there is a longstanding technical problem in that the prior art fails to ensure that only valid, authorized persons are granted access to or are otherwise allowed to use secure computing systems on a need-to-know basis.